 |
» |
|
|
|
(Last Update : 2012.4.26)
|
|
|
|
|
|
|
|
1. Prevents ID/Password Leaks |
|
|
|
Humans have limited information processing capacity and are not designed to keep many IDs and passwords in memory. Things get more worse if they are periodically changed! Users might personally maintain multiple ID and password combinations for example by writing them down on a notebook or piece of paper, saving them in a file on their own PCs or having them memorized by a Web browser. But all these would pose a significant vulnerability towards security threats.
If the environment provides the users with the ability to authenticate only once and then have access to multiple applications (the single sign-on ability to be exact), they only have to remember a single password. A single password is easy to memorize without using insecure means such as noting the password down somewhere. As long as they only have to maintain a single ID and password combination, the users will not be so frustrated with using complex passwords or changing passwords frequently. Ensuring that each user maintains a single rather than multiple ID and password combinations will translate into enhanced security. |
|
|
2. Prevents information leaks |
|
|
|
One of the essential steps to establish the internal control in an organization is to restrict user access to the set of information assets each user is authorized to access. For example, if anyone is allowed to access financial data sheets and there is no means to track who has accessed that information then it would be extremely difficult to verify and prove the authenticity of the data in the financial data sheets.
HP IceWall SSO provides visibility into user behavior through access control and centralized log management. It allows organisations to appropriately manage the user permissions so that unauthorized access can be prevented.
Also, best practices for internal control include managing user identities as well as implementing access control prior to implementing the internal control system.
HP IceWall SSO implements and integrates the 4 A's (Authentication. Authorization, Administration, and Auditing) of access control. It helps to protect against unauthorized access and prevent information leaks by centralizing access control and log management.
|
|
|
3. Defends against HTTP attacks |
|
|
|
The IceWall server is capable of defending against HTTP based attacks such as cross-site Scripting (XSS) and buffer overflow. HP IceWall SSO provides four filters (GET send Data, POST send Data, HTML, and host filters) that serve as preventive measures against cross-site scripting. Also when it encounters a URL or QUERY_STRING value longer than a certain limit, HP IceWall SSO prevents possible buffer overflow attacks by either truncating the value or using a path via HP IceWall SSO to forward the request. Each Web server must individually implement the defense against HTTP based attacks since they cannot be blocked in firewalls. HP IceWall SSO provides a more efficient alternative: you can centralize the defense by placing the IceWall server on the front end of Web servers. |
|
|
4. Enables strong authentication |
|
|
|
The strength of authentication is vital in a single sign-on environment where a user can authenticate only once and then have access to all of the resources the user is authorized to access. HP IceWall SSO provides strong password policy functionality. It allows you to configure strong and granular password policies by not only specifying the password length and expiration but also rejecting the use of particular strings in a password and the reuse of passwords that have been used before. HP IceWall SSO provides centralized and thus simplified management of password policies. Furthermore, it provides support for not only ID/password authentication but multi-factor authentication implemented in conjunction with latest authentication solutions such as electronic certificates, IC cards, tokens, and cell phones. You can choose an authentication method from a variety of authentication methods as appropriate according to your needs from various aspects such as security levels and convenience. |
|
|
5. Provides the highest available encryption level |
|
|
|
HP IceWall SSO provides the highest available level of encryption strength.
ICP (IceWall Cert Protocol) 2.0 provides support for multiple alternative encryption methods, which means that you can select the encryption method and level that is the best suit for your specific environment. It delivers the abilities to protect passwords stored in the authentication database with SHA-2 and column values encryption in the authentication database. All these enable secure management of critical information stored in the authentication database.
In addition, you can encrypt the communications between the IceWall server and agents to secure the data from eavesdropping or theft. |
|
|
|
|
|
|
|
|
Printable version
